Pig-butchering scams are becoming more commonplace.
A University of Texas study estimates that up to $75 billion has been stolen from victims worldwide via pig butchering since 2020.
Here’s how the scam typically works:
- A bad actor — often forced labor working for gangs in southeast Asia — establishes contact with a victim via text message or social media.
- That person spends months forging a trusted relationship and eventually offers to help the victim invest in allegedly lucrative virtual currency opportunities.
- The numbers start small and show gains to build confidence.
- The hook: In order to get the riches on their fake account screens, victims must invest more.
- The stakes rise over time, and the scammers become more demanding. The “pig” is being fattened for a slaughter until a victim has nothing more to give. Because it’s crypto, the money is usually untraceable.
The scam has become so prevalent that in 2023 the Financial Crimes Enforcement Network issued an alert with 15 behavioral, financial, and technical “red flags” for banks to monitor.
They include customers using home equity loans to purchase crypto or appearing “distressed or anxious” about accessing funds ahead of a deadline.
Behavioral Red Flags
- A customer with no history or background of using, exchanging, or otherwise interacting with virtual currency attempts to exchange a high amount of fiat currency from an existing or newly opened bank account for virtual currency or attempts to initiate high-value transfers to VASPs
- A customer mentions or expresses interest in an investment opportunity leveraging virtual currency with significant returns that they were told about from a new contact who reached out to them unsolicited online or through text message.
- A customer mentions that they were instructed by an individual who recently contacted them to exchange fiat currency for virtual currency at a virtual currency kiosk and deposit the virtual currency at an address supplied by the individual.
- A customer appears distressed or anxious to access funds to meet demands or the timeline of a virtual currency investment opportunity.
Financial Red Flags
- A customer uncharacteristically liquidates savings accounts prior to maturation, such as a certificate of deposit, and then subsequently attempts to wire the liquidated fiat currency to a VASP or to exchange them for virtual currency.
- A customer takes out a HELOC, home equity loan, or second mortgage and uses the proceeds to purchase virtual currency or wires the proceeds to a VASP for the purchase of virtual currency.
- A customer receives what appears to be a deposit of virtual currency from a virtual currency address at or slightly above the amount that the customer previously transferred out of their virtual currency account. This deposit is then followed by outgoing transfers from the customer in substantially larger amounts.
- Accounts with large balances that are inactive or have limited activity begin to show constant, uncharacteristic, sudden, abnormally frequent, or significant withdrawals of large amounts of money being transferred to a VASP or being exchanged for virtual currency.
- A customer sends multiple electronic funds transfers (EFTs) or wire transfers to a VASP or sends part of their available balance from an account or wallet they maintain with a VASP and notes that the transaction is for “taxes,” “fees,” or “penalties.”
- A customer with a short history of conducting several small-value EFTs to a VASP abruptly stops sending EFTs and begins sending multiple high-value wire transfers to accounts of holding companies, limited liability corporations, and individuals with which the customer has no prior transaction history. This is indicative of a victim sending trial transactions to a scammer before committing to and sending larger amounts.
Technical Red Flags
- System monitoring and logs show that a customer’s account is accessed repeatedly by unique IP addresses, device IDs, or geographies inconsistent with prior access patterns. Additionally, logins to a customer’s online account at a VASP come from a variety of different device IDs and names inconsistent with the customer’s typical logins.
- A customer mentions that they are transacting to invest in virtual currency using a service that has a website or application with poor spelling or grammatical structure, dubious customer testimonials, or a generally amateurish site design.
- A customer mentions visiting a website or application that is purported to be associated with a legitimate VASP or business involved in investing in virtual currency. The website or application shows warning signs such as a web address or domain name that is misspelled in such a manner as to resemble that of another business, a recently registered web address or domain name, no physical street address, international contact information, or contact methods that include only chat or email.
- A customer mentions that they downloaded an application on their phone directly from a third-party website, rather than from a well-known third-party application store or an application store installed by the manufacturer of the device.
- A customer receives a large amount of virtual currency such as ether at an exchange, subsequently converts the amount to a virtual currency with lower transaction fees such as TRX, and then abruptly sends it out of the exchange.
As scammers get more aggressive, banks must increase their vigilance to protect customers. PVB is dedicated to educating and protecting its customers.